Why fraud awareness should be a top business priority

EY Ireland discusses the current fraud environment and what a strong fraud risk management framework should include.

In brief

• The fraud landscape is continuing to evolve and increase due to various developments in today’s environment. 
• Companies will need to plan and implement a comprehensive and robust fraud risk management framework to prevent, detect and respond. 

Fraud continues to be a pervasive and costly problem for businesses around the world, leading to financial losses, reputational damage and loss of customer and shareholder trust. The ACFE report that businesses lose an estimated 5% of annual revenue to fraud . The EY Global Integrity Report 2022, revealed that 55% of respondents observed either a deterioration or stagnation of standards of integrity in their organisation over the past 18 months.  

Lapses in ethical standards within organisations can create a perfect storm for fraud to occur, which means organisations need to be alert to the changing fraud landscape, and how various technology and sustainability developments, and the current macro-economic environment.

Fraud in today’s environment

Opportunities for fraud have increased due to various developments in a today’s environment, for example:

1. Artificial Intelligence (AI): The advancement of AI accelerates business processes but opens new avenues for fraud, compelling organisations to harness AI's power for robust fraud prevention while carefully managing associated risks.
2. Economic headwinds: Tough economic times heighten fraud risks, as financial strain on individuals and cost-cutting in businesses can compromise anti-fraud defences when they're needed most.
3. ESG: The rush for positive ESG reporting can lead to "greenwashing," with the lack of standardization and verification making it easier to disguise true performance, risking reputation and finances.

Organisations must stay one step ahead particularly in a period of change and uncertainty. As the fraud landscape is fast evolving with threats becoming more sophisticated, organisations need to ask themselves are they confident in the effectiveness of the measures in place to prevent and detect fraud? 

What companies need to do

Implementing a comprehensive and robust fraud risk management framework to prevent, detect and respond to fraud is critical. A strong fraud risk management framework should include the following components.

Organisations should ask the following questions to start to understand their challenges, and fraud risk.

1. Organisation and culture

• Does leadership effectively establish a culture of integrity by setting a strong tone from the top?
• Who is responsible for overseeing fraud management within your organisation?

2. Risk assessment

• Do you have a fraud risk assessment process that identifies potential issues? 
• Does this analyse root cause and potential impact, and evaluate mitigation controls?

3. Policies and standards

• Do you have set of formalised policies and procedures, approved by management?
• Are policies disseminated across the organisation and third parties to help to prevent issues from arising?

4. Education and awareness

• Do you carry out periodic and tailored anti-fraud training?
• How confident are you that everyone at your organisation and your third parties know what is expected of them? 

5. Management and control processes

• Do you have effective controls in place to help detect and mitigate fraud?
• Are controls designed to address specific risks identified in your fraud risk assessment?

6. Monitoring, auditing and speaking-up processes

• Do you monitor transactions to identify suspicious activity?
• How confident are you that your employees, suppliers and other third parties are able to report issues?

7. Reporting, communication, and improvement actions

• What systems and protocols do you have in place to report fraud events to key stakeholders?
• What do you have in place to ensure that lessons are learnt, and actions are taken to reduce the risk of further issues?

8. Investigation, root cause and remediation

• What processes are in place to triage and investigate suspected fraud?
• Do those carrying out investigations have the necessary skills required? 
• Are actions taken to understand root causes of fraud?

Where to start?

1. Maturity assessment

Before an organisation can effectively combat fraud, it must first understand its current vulnerabilities.

• A maturity assessment is a critical diagnostic tool that helps organisations gauge the effectiveness of their existing fraud prevention and detection capabilities. 
• Organisations should benchmark current anti-fraud efforts against industry leading practices.
• This not only highlights the areas of strength but, more importantly, identifies the critical gaps and weaknesses that require attention.

2. Next steps

Upon completing a maturity assessment, a tailored anti-fraud strategy that aligns with the unique needs and risk profile of the organisation should be developed.

• This strategy should be comprehensive, encompassing preventive, detective, and responsive measures.
• It must include the establishment of a robust internal control environment, the integration of advanced data analytics for fraud detection, and the development of a response plan for fraud incidents.
• Ensure a holistic anti-fraud approach that will be embedded within the fabric of the organisation's culture and operations. Training programs, regular audits, and a continuous feedback loop for improving anti-fraud measures are also integral components of a robust anti-fraud strategy.